华体会


How to prevent small business clients from hitting cyber blind spots

Ask five key questions to help identify cyber risk

As seen in Insurance Journal

In an increasingly digital world, it's important that small businesses don't get left behind when fending off cyber threats. While a recent study by Forbes Insights and 华体会 shows that most small business owners recognize they are exposed to cyber attacks (94 percent), only 20 percent feel adequately insured against cyber risks. This "coverage gap" is driven largely by the challenges businesses face when valuing their (or others') digital assets and what makes them potential targets of a cyber breach in the first place.

Assessing digital risks

Helping businesses understand they are big enough to be targets and recognize they have ample digital assets of value to a cyber attacker is a critical first step. A second crucial step is for independent agents to guide business owners through the complexities of a cyber risk analysis so they can identify high-risk areas in their operations. Often, business owners conclude they do not have any personally identifiable information in their systems, and their analysis stops there. Unfortunately, when it comes to small commercial insurance, and especially cyber, it is more complex than that.

The following are five key questions agents can ask to determine their customers' most significant cyber risks:

  • Does your client's business have digital assets? Without knowing what the client is trying to protect, it is difficult to design a risk mitigation program. Small businesses can have many digital assets, including design or manufacturing specs (their own or customers'), personal information, and mergers and acquisitions activity.
  • Do they know where those assets are located? Understanding where and how assets are stored is critical in determining what kind of coverage is needed to protect them. This can include on-site systems, cloud backups, historical hard copy information, data entrusted to third parties (e.g. employee data managed by an HR suite or compensation management software provider) and more.
  • How do they value those assets? Is the client in a "high-trust" field (e.g. doctors, lawyers, etc.) where a cyber attack would reduce consumer confidence? Reputation management is a key consideration in designing cyber insurance coverage plans. For more industrial or manufacturing-based clients, questions related to the importance of the digital assets include: "Would a shutdown cause the client to miss key deliverable dates?" and, "Could the data be easily recreated?"
  • Do they have access to a third party's system? Your clients may not store valuable assets themselves but could be targets due to their access to larger, more data-rich organizations with which they have business relationships.
  • How long, or in what capacity, could they run their operations if their point-of-sale or other systems were taken off-line? Some attacks are indiscriminate and cast large nets. An unknowing employee could erroneously click on a malware link in an email that results in files or systems being "locked." Having coverage to mitigate risks associated with human error or employee negligence cannot be overstated for most clients, especially those relying heavily on point-of-sale, manufacturing or other systems.

Customizing coverage

Once digital asset risks are identified, the final step in a cyber risk analysis is determining which cyber insurance fits clients' needs. Cyber insurance can provide coverage for first- and third-party risks, adding a level of complexity for businesses evaluating their needs. With almost every business relying on computers, optimizing policies for coverages and appropriate limits is challenging. It's critical to consider coverages and limits that address the exposures specific to each customer's class of business. Here are three cyber coverage types to consider, based on clients' needs:

  1. Baseline. This coverage often is the best option for clients that do not have substantial exposures and do not require extensive protection. For instance, if a client does not collect extensive amounts of personal information and does not have highly automated and connected manufacturing systems, a "bolt-on" product could be added to their existing package policy, offering added coverage needed to protect against cyber exposures. These bolt-on coverages are generally simpler and easier to purchase, as they may not require an underwriting application.
  2. Stand-alone. For larger clients or more complex needs, stand-alone cyber coverages can provide businesses with more comprehensive coverage and greater limits. While these products generally require underwriting applications, the simple process of completing the application is often beneficial to small businesses, as questions typically involve security-related best practices.
  3. Coverage continuity. It is also important to be mindful that some cyber risks may be covered under other lines of insurance coverage. For example, false pretense coverage may be covered under a client's crime insurance policy. However, this client could still benefit from obtaining explicit cyber coverage on a cyber-specific policy, depending on the cyber exposures they would like to cover.

When helping small business owners evaluate cyber insurance exposures and needs, agents can look at all available lines (cyber, package, crime, management liability and more) to ensure small businesses' needs are addressed.

By placing all coverages with a single carrier, the potential for coverage friction is reduced, resulting in a better and more seamless customer experience for the insured.


Eric Cernak

About the author
Eric Cernak is vice president of cyber practice at 华体会 Insurance Group. In this role, he is responsible for overseeing 华体会's corporate cyber strategy across all of its commercial lines and specialty businesses, to ensure a cohesive offering of products and services for 华体会's independent insurance agent partners.

All products are underwritten by 华体会 Insurance Company or one of its insurance company subsidiaries or affiliates ("华体会"). Coverage may not be available in all jurisdictions and is subject to the company underwriting guidelines and the issued policy. This material is provided for informational purposes only and does not provide any coverage.